vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

remove seemingly stray text

Browse source
This commit is contained in:
Heiko Schaefer 2023-11-07 21:35:09 +01:00
parent 1335d5568f
commit 420e15e8c8
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
book/source/08-signing_components.md
View file

@ -269,7 +269,7 @@ The structure of a certification revocation is as follows:
For User ID revocations, the value of the reason subpacket can either be `0` (no reason specified) or `32`, signaling that the User ID is no longer valid. For User ID revocations, the value of the reason subpacket can either be `0` (no reason specified) or `32`, signaling that the User ID is no longer valid.
The latter would result in a soft revocation, while a reason code of `0` is considered a hard revocation. The latter would result in a soft revocation, while a reason code of `0` is considered a hard revocation.
Omitting the reason packet altogether is also equivalent to a hard revocation. Omitting the reason packet altogether is also equivalent to a hard revocation.
It is recommended to issue User ID certifications using a reason code `32` and to do certificate revocations using a direct-key signature. It is recommended to issue User ID revocations using a reason code `32`.
(binding_subkeys)= (binding_subkeys)=
#### Add a Subkey #### Add a Subkey
@ -310,6 +310,7 @@ Values `1` (key superseded) and `3` (key retired and no longer used) are soft re
#### Revoke a Certificate #### Revoke a Certificate
A user might want to revoke their entire certificate, rendering it unusable. A user might want to revoke their entire certificate, rendering it unusable.
Depending on the circumstances, they might either want to revoke it softly, e.g. in case of migration to a new certificate, or they want to issue a hard revocation, e.g. in case of secret key material compromise. A soft-revoked certificate can be re-validated at a later point in time, by issuing a new certification, while a hard revocation is typically permanent. Depending on the circumstances, they might either want to revoke it softly, e.g. in case of migration to a new certificate, or they want to issue a hard revocation, e.g. in case of secret key material compromise. A soft-revoked certificate can be re-validated at a later point in time, by issuing a new certification, while a hard revocation is typically permanent.
The recommended way to revoke a certificate is by issuing a `KeyRevocation` signature (type 0x20). The recommended way to revoke a certificate is by issuing a `KeyRevocation` signature (type 0x20).